4D WebSTAR Symlink Privilege Escalation

This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.

Synopsis :

The remote FTP server is affected by a local symbolic link

Description :

The remote server is running 4D WebStar FTP Server. The version of 4D
WebStar FTP Server on the remote host is reportedly affected by a
local symbolic link vulnerability caused by the application opening
files without properly verifying their existence or their absolute

Successful exploitation of this issue will allow an attacker to write
to arbitrary files subject to the permissions of the affected

See also :


Solution :

Upgrade to 4D WebStar 5.3.3 or later.

Risk factor :

Low / CVSS Base Score : 3.6
CVSS Temporal Score : 3.0
Public Exploit Available : true

Family: FTP

Nessus Plugin ID: 14241 (4d_webstar_symb_link.nasl)

Bugtraq ID: 10714

CVE ID: CVE-2004-0698

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now